The Online Privacy Act of 2021, New Proposed Law

September 27, 2022 | 4 minutes read
The Online Privacy Act of 2021, New Proposed Law

As data privacy continues to be an ever-growing issue in our current age of digital communication, nations around the world have enacted new laws geared toward protecting the personal information of their respective citizens. Subsequently, while the U.S. has yet to pass a comprehensive data protection law at the federal level, there are several other proposed laws that are currently being considered. Likewise, The Online Privacy Act of 2021, a data privacy law that was first introduced in 2019, was reintroduced by U.S. Reps. Anna G. Eshoo (CA-18) and Zoe Lofgren (CA-19) on November, 18, 2021.

Otherwise known as H.R. 6027, the law would serve “To provide for individual rights relating to privacy of personal information, to establish privacy and security requirements for covered entities relating to personal information, and to establish an agency to be known as the United States Digital Privacy Agency to enforce such rights and requirements, and for other purposes.” Likewise, the law would place new obligations on businesses and organizations that collect the personal data of American citizens, as well as provide said citizens with various rights concerning their personal privacy.

How is personal data defined under the law?

Under the proposed Online Privacy Act of 2021, personal information is defined as “any information maintained by a covered entity that is linked or reasonably linkable to a specific individual or a specific device, including de-identified personal information and the means to behavioral personalization created for or linked to a specific individual.” Alternatively, the term personal information does not include “(i) publicly available information related to an individual; or (ii) information derived or inferred from personal information, if the derived or inferred information is not linked or reasonably linkable to a specific individual.”

What are the proposed provisions of the law?

Much like other prominent data privacy laws that have been passed by government institutions in other countries in the past decade, including the EU’s General Data Protection Regulation (GDPR), among others, the Online Privacy Act of 2021 would establish a number of requirements that businesses would be responsible for adhering to when collecting, processing, transferring, retaining, or disclosing the personal information of American citizens. For instance, the law states that businesses looking to collect personal data from an individual within the U.S. must have a reasonable and articulated basis for doing so.

Conversely, the law also forbids businesses from processing the personal information of data subjects within the U.S. for any purpose other than what was stated to an individual at the time in which their data was collected. Furthermore, businesses are also prohibited from retaining the personal data of an American citizen “once such information is no longer needed for the purpose for which such information was originally collected from the individual or in the case of a service provider, a purpose other than that which is in accordance with the directions of a covered entity.”

What are the rights of U.S. citizens under the law?

On the other hand, the proposed Online Privacy Act of 2021 also affords American citizens a number of rights as it relates to the protection of their personal information and by extension, their personal privacy. These rights include the following:

Contrarily, as it relates to the enforcement of the law, the Online Privacy Act of 2021 would also establish “an agency to be known as the United States Digital Privacy Agency to enforce such rights and requirements, and for other purposes.” To this point, the appointed Director of this agency would be charged with enforcing the numerous provisions of the law. This being said, the law states that “the Agency may commence a civil action against such person to impose a civil penalty or to seek all appropriate legal and equitable relief, including a permanent or temporary injunction.”

Due to the fact that the current data privacy landscape within the U.S. is segmented into a multitude of different laws that pertain to specific sectors of business, such as the Health Insurance Portability and Accountability Act (HIPAA), in addition to many others, passing a single law that would protect the privacy of all Americans across the nation’s 50 states has proven to be an extremely difficult task in practice. For this reason, despite the fact that the Online Privacy Act of 2021 would not provide as much protection as laws such as the EU’s GDPR, the enactment of such legislation would nonetheless represent a positive development.

Related Reads

Blurring Faces from Videos and The Truth About Body-Worn Camera Privacy
September 06, 2023 | 4 minutes read
Blurring Faces from Videos and The Truth About Body-Worn Camera Privacy

Body-worn cameras are an essential piece of equipment for law enforcement officers and the redaction of faces from BWC footage is necessary to protect the privacy of individuals.

Learn More »
Sensitive Information, Protected: Patient Privacy, HIPAA, And You
August 30, 2023 | 4 minutes read
Sensitive Information, Protected: Patient Privacy, HIPAA, And You

HIPAA compliance ensures patient privacy. Often making the consequences of non-compliance severe, so how do you avoid that?

Learn More »
Join The CaseGuard Team at IAI’s International Forensic Educational Conference
August 02, 2023 | 3 minutes read
Join The CaseGuard Team at IAI’s International Forensic Educational Conference

Meet our team at the Annual IAI International Forensic Educational Conference in Maryland this August from August 21st to 23rd.

Learn More »
Embarrassing Redaction Failures & How To Prevent Them
July 24, 2023 | 4 minutes read
Embarrassing Redaction Failures & How To Prevent Them

From exposing trade secrets to endangering operations by the National Security Agency, redacting documents incorrectly can lead to a lot of headaches.

Learn More »
Protecting Privacy in the Healthcare Field: PII, PHI & PCI
July 12, 2023 | 5 minutes read
Protecting Privacy in the Healthcare Field: PII, PHI & PCI

Healthcare professionals handle a wide range of sensitive data that is crucial for delivering quality care. But protecting that data is getting harder.

Learn More »
Data Breaches: What’s The Big Deal & How To Prevent Them
July 03, 2023 | 5 minutes read
Data Breaches: What’s The Big Deal & How To Prevent Them

Not all data breaches are cyber attacks, and not all cyber attacks are data breaches; however, the terms are sometimes used interchangeably. A data breach involves unauthorized access to, and potential distribution of, sensitive data to an untrusted third party.

Learn More »